The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Present approaches for identifying security problems in networks have significant drawbacks. Typical network security evaluation, testing and protection involves installing protective elements in the network such as firewalls, virus and malware scanners, and similar systems. These systems receive reports of attack vectors that are occurring in other networks and attempt to determine if the same attacks are occurring in a particular network under test. If so, reports may be prepared and network administrators may manually examine the configuration of internetworking elements, web applications and server computers to determine whether configuration should be changed to remove a problem or prevent an attack.
However, a drawback of these approaches is that they are responsive, rather than preventive. Typically there are so many different kinds of attacks that it is considered impractical for a network administrator, or even a team of security professionals within a large enterprise, to exhaustively test all network elements and computing devices of the enterprise for vulnerability to all known attacks, malware and viruses. Therefore, in current practice many enterprise web applications, server computers and similar gear have a period of continued vulnerability until an actual security event is identified and addressed.